Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: target option to disable extra identity defaulting in transport tool #1223

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix: target option to disable extra identity defaulting in transport tool #1223

wants to merge 2 commits into from

Conversation

mandelsoft
Copy link
Contributor

@mandelsoft mandelsoft commented Jan 6, 2025
edited
Loading

What this PR does / why we need it

The rework of the extra identity handling unfortunately also changed the transport logic.

Setting a (re)source for a new component version now defaults the version attribute of the extra identity if it is required
to make the identity unique. This was the first step towards getting rid of this implicit identity creation incorporating
the resource's version attribute into the effective extra identity. It makes this explicit, if the version is required as part of the identity of an element, it should be explicitly set for the extra identity in the future.

This defaulting has been made explicit by manipulating the extra identity when adding a new (re)resource. It was enabled by the modification option, which basically allows to do signature relevant changes.

Unfortunately this option is also used by the transport tool, after checking the delta to compose the target version.
Therefore, the transport now explicitly defaults the version into the extra identity, which causes the signature to break.

The solution is disable this defaulting for the transport. Therefore the methods accept a new option now (DisableExtraIdentityDefaulting), which tells the add handling to omit the defaulting and take the meta data as presented.

This PR should replace #1218.

Which issue(s) this PR fixes

Fixes #1214

@mandelsoft mandelsoft requested a review from a team as a code owner January 6, 2025 11:21
@github-actions github-actions bot added the size/m Medium label Jan 6, 2025
This was referenced Jan 6, 2025
Open
Open
@jakobmoellerdev
Copy link
Contributor

While this PR is important to fix newly transferred resources, existing component versions that had this defaulting happen need to have the same hash in v1 & v2 as they otherwise would break signature calculation. This is why v3 is necessary in addition to this defaulting change which was forgotten in the original PR for defaulting.

@jakobmoellerdev jakobmoellerdev changed the title target option to disable extra identity defaulting in transport tool fix: target option to disable extra identity defaulting in transport tool Jan 6, 2025
@github-actions github-actions bot added the kind/bugfix Bug label Jan 6, 2025
jakobmoellerdev
jakobmoellerdev reviewed Jan 6, 2025
View reviewed changes
api/ocm/internal/modopts.go Outdated

// RawIdentity disables the implicit defaulting of the extraIdentity.
// A transfer operation must set this flag to preserve the normalizations.
RawIdentity *bool
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This field should be named after what it does, e.g. DisableImplicitExtraIdentityDefaulting

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

renamed to DisableExtraIdentityDefaulting

Copy link
Contributor Author

@mandelsoft mandelsoft Jan 7, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reason for RawIdentity was the the method GetRawIdentity on element meta data, which returns the identity as given and not the effective identity using the implicit version adding wherever required.

Both are correlated.

jakobmoellerdev
jakobmoellerdev requested changes Jan 6, 2025
View reviewed changes
Copy link
Contributor

@jakobmoellerdev jakobmoellerdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This fix looks mostly good, just the variable name is problematic for me.

@jakobmoellerdev
Copy link
Contributor

I checked current main out and cannot actually reproduce the extra identity defaulting happening during transport. I dont know how you did it, but I couldnt replicate the apparent fixable behavior.

If I transfer

component:
  componentReferences: []
  creationTime: "2025-01-07T11:35:56Z"
  name: github.com/jakobmoellerdev/hash
  provider: github.com/jakobmoellerdev
  repositoryContexts: []
  resources:
  - access:
      imageReference: ghcr.io/stefanprodan/podinfo:6.7.1
      type: ociArtifact
    name: podinfo
    extraIdentity: {}
    relation: external
    type: ociImage
    version: 6.7.1
  - access:
      imageReference: ghcr.io/stefanprodan/podinfo:6.3.1
      type: ociArtifact
    name: podinfo
    extraIdentity: {}
    relation: external
    type: ociImage
    version: 6.3.1
  sources: []
  version: 1.0.0
meta:
  schemaVersion: v2

from e.g. a component archive to a OCI registry, I cannot see any extra identity default:

crane blob ghcr.io/jakobmoellerdev/hashtest/component-descriptors/github.com/jakobmoellerdev/hash:1.0.0@sha256:08f3ad3809cd4a7f33997d52cb916c62255f0d05ecc69ee9682debb8c5b8436e
component-descriptor.yaml0000000000000000000000000000130214163714600014266 0ustar0000000000000000component:
  componentReferences: []
  creationTime: "2025-01-07T11:35:56Z"
  name: github.com/jakobmoellerdev/hash
  provider: github.com/jakobmoellerdev
  repositoryContexts:
  - baseUrl: ghcr.io
    componentNameMapping: urlPath
    subPath: jakobmoellerdev/hashtest
    type: OCIRegistry
  resources:
  - access:
      imageReference: ghcr.io/stefanprodan/podinfo:6.7.1
      type: ociArtifact
    name: podinfo
    relation: external
    type: ociImage
    version: 6.7.1
  - access:
      imageReference: ghcr.io/stefanprodan/podinfo:6.3.1
      type: ociArtifact
    name: podinfo
    relation: external
    type: ociImage
    version: 6.3.1
  sources: []
  version: 1.0.0
meta:
  schemaVersion: v2

How is this additional case triggered?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakobmoellerdev jakobmoellerdev Awaiting requested review from jakobmoellerdev

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
kind/bugfix Bug size/m Medium
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Incompatible change of OCM-Component-Descriptor-Normalisation between OCM-CLI v0.18.0 vs v0.19.0
2 participants
@mandelsoft @jakobmoellerdev